Reframework - Correct way to work with credentials

Pelayo_Celaya_Fernandez · September 30, 2023, 7:54am

So far I couldn’t find the answer in any course or youtube video about credentials.

Can someone tell me a brief description on what is the correct/intended way to work with credentials stored in Orchestrator.

Today what I’m doing is:

Store credential in Orchestrator with name “C_Example”
Map the credential in Config.xlsx
Inside reframework we have Initalization and Process (and others than don’t apply at least for me now)
Initialization reads Config file as per usual
In the process what I’m doing is calling sub-processes part of the complete automation, lets call them: Subprocess_one, Subprocess_two; based on different conditions.
Some of then need to make use of one or another credential
When the moment arrive I use in thoses sub-processes the Getcredentials activity (to use it in the minimal part of the entire automation/sequence)

Well, from one side this has sense since this way the credential is stored in memory only the minimal amount of time that needs to be in order to get used.

On the other hand this way does not follow the principle to get every possible thing/resource that the automation may need in the Initialization process.

So what I’m really questioning is:

Is correct to call the Orchestrator to get every possible credential needed in Initalization and pass it with arguments to the processes → subprocesses or is correct to call the Orchestrator in the middle of a subprocess to get the credential, then use it and then let run out of the memory.

Also now comes to my mind that the way I’m doing it right now (calling orchestrator with get credentials in the subprocess) has another problem: If the credential is used more than once pero execution; witch it is the case at least in this automation, I’ll be calling the Orchestrator one per item.

This automation: Has around 2000 items per performer execution. At least 1000 of the items will require to call the orchestrator for a credential. Time lost in coms with orchestrator is not important since the rpa lasts around 1 min per item due to technical limitations.

Thanks for your answer,

Palaniyappan · September 30, 2023, 8:12am

Interesting question

The correct/intended way to work with credentials stored in Orchestrator is to get them in the Initialization process and pass them to the processes and subprocesses as arguments. This way, the credentials are only stored in memory for as long as necessary, and they can be reused by multiple processes and subprocesses without having to call Orchestrator multiple times.

Here is an example of how to do this:

`// In the Initialization process:

// Get the credentials from Orchestrator.
var credentials = GetCredentials(“C_Example”);

// Pass the credentials to the processes and subprocesses as arguments.
StartProcess(“ProcessOne”, credentials);
StartProcess(“ProcessTwo”, credentials); // In the ProcessOne process:

// Use the credentials that were passed as arguments.
// … // In the ProcessTwo process:

// Use the credentials that were passed as arguments.
// …`

This approach is more efficient and scalable than calling Orchestrator in the middle of a subprocess to get the credential. It also avoids the problem of having to call Orchestrator multiple times per item if the credential is used more than once per execution.

In the case of your automation, where you have around 2000 items per performer execution and at least 1000 of the items require you to call Orchestrator for a credential, this approach could save a significant amount of time.

It is important to note that you should only store credentials in Orchestrator that are needed by your UiPath robots. If possible, you should avoid storing sensitive credentials in Orchestrator, such as passwords or API keys. Instead, you should use a secure secrets management solution to store these credentials.

Hope this helps
Cheers @Pelayo_Celaya_Fernandez

Pelayo_Celaya_Fernandez · September 30, 2023, 8:29am

Thank you for your fast response. I think I’m going for your approach.

Only one thing I don’t understand in your message:

“It is important to note that you should only store credentials in Orchestrator that are needed by your UiPath robots. If possible, you should avoid storing sensitive credentials in Orchestrator, such as passwords or API keys. Instead, you should use a secure secrets management solution to store these credentials.”

I though the whole purpose of credentials as an asset was to store the sensitive credentials that a robot will need. In this automation the credentials are web url passwords, but I had other kind of credentials stored in Orchestrator such as certificate passwords to call web service, web service Authentication Values to do the calls and others.

Can you point to a tutorial or documentation about “secure secrets management” to find what you are talking about?

Thank you again in advance for your time,

system · October 3, 2023, 8:29am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Design Best Practice - Get Credential Activities activities , question , other	4	545	February 20, 2024
Orchestrator Credential in config file Studio studio , question , activities_panel	2	935	April 2, 2023
How to store credentials securely in config Studio studio , question , activities_panel	10	990	December 11, 2023
Best practice for credentials Orchestrator bestpractices , credentials	4	1324	September 23, 2022
Very Secured Way to store the credentials Help selector , activities , studio	7	1885	August 18, 2019

Reframework - Correct way to work with credentials

Related topics